fix: reject string-like shell commands (#3092)

Author: Aphroq

src/agents/run_internal/tool_execution.py

@@ -619,8 +619,12 @@ def coerce_shell_call(tool_call: Any) -> ShellCallData:
         raise ModelBehaviorError("Shell call is missing an action payload.")
 
     commands_value = get_mapping_or_attr(action_payload, "commands")
-    if not isinstance(commands_value, Sequence):
-        raise ModelBehaviorError("Shell call action is missing commands.")
+    if isinstance(commands_value, str | bytes | bytearray) or not isinstance(
+        commands_value, Sequence
+    ):
+        raise ModelBehaviorError(
+            "Shell call action commands must be a sequence of command strings."
+        )
     commands: list[str] = []
     for entry in commands_value:
         if entry is None:

tests/test_shell_call_serialization.py

@@ -29,6 +29,16 @@ def test_coerce_shell_call_requires_commands() -> None:
         run_loop.coerce_shell_call(tool_call)
 
 
+@pytest.mark.parametrize("commands", ["echo hi", b"echo hi", bytearray(b"echo hi")])
+def test_coerce_shell_call_rejects_string_like_commands(commands: object) -> None:
+    tool_call = {"call_id": "shell-3", "action": {"commands": commands}}
+    with pytest.raises(
+        ModelBehaviorError,
+        match="Shell call action commands must be a sequence of command strings.",
+    ):
+        run_loop.coerce_shell_call(tool_call)
+
+
 def test_normalize_shell_output_handles_timeout() -> None:
     entry = {
         "stdout": "",